In a world where connected devices are becoming more prevalent, the cybersecurity landscape is constantly evolving to keep up with new threats. One such emerging threat is the Murdoc Botnet, a variant of the notorious Mirai malware, which has been actively exploiting vulnerabilities in AVTECH IP cameras and Huawei HG532 routers since at least July 2024. The Murdoc Botnet has already managed to infect over 1,370 systems, primarily across Malaysia, Mexico, Thailand, Indonesia, and Vietnam. By leveraging well-known vulnerabilities such as CVE-2017-17215 and CVE-2024-7029, this botnet gains initial access and proceeds to compromise a wide array of devices.
The Mechanics of the Murdoc Botnet
The Murdoc Botnet employs a sophisticated shell script to download and execute malware suited to the device’s specific CPU architecture, thereby maximizing its potential for disruption. This malicious software enables the botnet to perform distributed denial-of-service (DDoS) attacks, which overwhelm targeted systems with massive amounts of traffic, rendering them unusable. According to Censys, an exposure management platform, over 37,995 AVTECH cameras are currently exposed to this threat, primarily in Taiwan, Vietnam, Indonesia, the United States, and Sri Lanka.
Interestingly, the Murdoc Botnet’s development followed the emergence of another Mirai variant known as gayfemboy. This earlier variant exploited a security flaw in Four-Faith industrial routers back in November 2024. Mirai and BASHLITE derivatives have been responsible for large-scale DDoS attacks affecting sectors like telecommunications, technology, cloud computing, banking, gaming, and financial services. Regions such as India, South Africa, Brazil, Bangladesh, and Kenya have been notably impacted. These attacks have had far-reaching consequences, affecting both individual users and large-scale enterprises.
Mitigating the Threat
As the world becomes more connected, the importance of securing such devices cannot be overstated. Automated systems like the Murdoc Botnet highlight the urgent need for robust cybersecurity measures and continuous updates to device firmware to mitigate risks. Staying ahead of such threats requires vigilance, innovation, and collaboration among cybersecurity professionals, manufacturers, and users.